About

From its office in Clayton, Missouri, Danna McKitrick, P.C., delivers legal representation to new and growing businesses, financial institutions, non-profit and government-related entities, business owners, individuals, and families throughout the greater St. Louis region and the Midwest.

Danna McKitrick attorneys practice across many areas of law, both industry- and service-oriented.

4.5M Records Stolen, HIPAA violation

In June 2014, hackers in China used high-end, sophisticated malware to launch criminal cyber-attacks to access patient information from a national hospital system. Community Health Systems, Inc. (“CHS”), operates 206 hospitals across the U.S. in 29 states, including four located in Missouri (Kennett, Kirksville, Moberly, and Poplar Bluff). The breached data is considered protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”).

In a filing with the U.S. Securities and Exchange Commission, CHS said the attacker was an “Advanced Persistent Threat” group which bypassed CHS’ security measures, successfully copying and transferring certain data outside CHS. Although CHS has confirmed that this data did not include patient credit card, medical, or clinical information, the breach does include patient names, addresses, birth dates, telephone numbers and Social Security numbers. CHS has been working closely with federal law enforcement authorities in connection with their investigation and potential prosecution of those determined to be responsible for this attack.

This breach is just one of many to take place in recent months, highlighting the need for health care organizations to firm up their preparedness plans as security of information in health care is a constant source of concern. According to a report from security rating firm BitSight Technology, health care industries saw the largest growth in security incidents from April 2013 to March 2014, but also the slowest response.

Posted by Attorney Laura Gerdes Long. Long practices in tort, insurance defense, legal malpractice, health care, and employment law. Well-versed in employment law policies and processes related to HIPAA, she serves as a trainer and advisor to health care providers, insurers, self-insured employers, and municipalities.